Let’s End Surprise Medical Bills

We're fighting to ensure you and your family can get a fair deal in the marketplace, especially on the choices that matter most: health care, privacy, automobiles, food, finances and more. Join our campaigns and together, we'll hold corporations and lawmakers accountable.

Five things to do when a company leaks your personal info

Find Ratings

Even if you're not among customers put at risk by hackers stealing personal data from over 100 million user accounts at Sony, odds are that you or someone you know already has or will receive notice of a data breach notice from a bank, retailer, hospital, former employer, or even a government agency.

As our cover story in the June issue of Consumer Reports reveals, there are plenty of things consumers could be doing—but aren't—to protect themselves from online risks, credit card scams and other security threats.

Here are five tips on how to respond to a data breach notice and guard against fraud and identity theft:

1. Accept offers of free credit monitoring services. Don't consider them foolproof, however. And put a note on your calendar to remind you when the free monitoring period ends, so that you aren't automatically charged for continuing such services, which can cost more than $200 a year. There are some types of ID theft that aren't covered by such protection programs and the value of the services offered varies considerably. You can take most of the steps needed to protect yourself on your own at little or no cost, including getting a free copy of your credit report once a year from each of the three credit reporting agencies at www.annualcreditreport.com.

2. Monitor credit and debit card accounts online at least once a week to spot and report any unauthorized credit or debit transactions as quickly as possible. Use other services offered by your bank or card issuer that can help protect you, such as an e-mail or text alert if a transaction occurs for more than a dollar limit you've specified.

3. Put a security freeze on your files at the three credit reporting agencies if there is a chance that a data breach includes your Social Security number, by following the instructions at www.financialprivacynow.org. Armed with your Social Security number, crooks can open new accounts in your name—but use a different mailing address so that you may not be aware of fraudulent charges until you begin getting calls from collection agencies. A freeze is more effective than a fraud alert to protect yourself from this kind of scam, known as new account fraud.

4. Heighten your guard against phishing scams, which are likely to increase in the wake of April's mega breach at Epsilon, an online marketing firm that sends about 40 billion emails annually to customers of major U.S. banks, hotels and other companies such as Krogers, L.L. Bean, Verizon and Walgreens. Using the stolen e-mail addresses, scammers may send you e-mails that appear to come from your bank or other trusted companies but which actually are attempts to install malware or obtain other personal information that can lead to financial fraud. You'll find more details on how to avoid being hooked here.

5. Change user names and passwords on any accounts you know have been breached: Here are some tips on how to choose strong passwords. It's also a good idea to periodically change the PIN on your ATM/debit card to reduce your odds of being a victim of skimming, in which crooks install equipment at ATMs or gas pumps that steals both your PIN and the account information stored on the magnetic stripe on the back of your card. Crooks may hold onto this information for months before using it to make clones of your cards or selling it to other thieves, so changing your PIN at least once a year could prevent them from draining cash from your account.

Visit our free Online Security Guide for more help protecting yourself online, including a music video about phishing and an interactive quiz that lets you test your skill at spotting fraudulent phishing e-mails.